A Study of Password Security Factors among Bangladeshi Government Websites
This study identifies critical password security vulnerabilities in Bangladeshi government websites, posing a risk to citizen data and online public services.
This study analyzed password security on 36 Bangladeshi government websites against six heuristics. It found that many websites lack proper security measures, including the absence of password construction guidelines, allowing weak passwords, and not using secure HTTPS channels for data transmission.
The Government of Bangladesh is aggressively transforming its public service landscape by transforming public services into online services via a number of websites. The motivation is that this would be a catalyst for a transformative change in every aspect of citizen life. Some web services must be protected from any unauthorised usages and passwords remain the most widely used credential mechanism for this purpose. However, if passwords are not adopted properly, they can be a cause for security breach. That is why it is important to study different aspects of password security on different websites. In this paper, we present a study of password security among 36 different Bangladeshi government websites against six carefully chosen password security heuristics. This study is the first of its kind in this domain and offers interesting insights. For example, many websites have not adopted proper security measures with respect to security. There is no password construction guideline adopted by many websites, thus creating a barrier for users to select a strong password. Some of them allow supposedly weak passwords and still do not utilise a secure HTTPS channel to transmit information over the Internet.